File uploads are used in various situations, for example image or video uploads to a realtor's website, audio files for a music service, or business documents. Allowing users to upload files to the server is sometimes necessary, but the script must use safeguards to prevent misuse as unscrupulous users could try to upload malicious files.
One of the more interesting file upload scripts I've made is for advertising image uploads to a web portal. In this case, users upload still images for display on sports scoreboards. The users upload the files, choose display options, and pay for the ad placements using a secure online payment gateway. External hardware devices located at the sport facilities receive the ads and ad-schedules from the server.
After a user is authenticated, they choose a file to upload:
The server receives the file in a temporary folder. The upload script immediately checks the file to make sure it is indeed an image. If so, it then checks the file name and the size of file. If the file is not an image, or is not named, or is too large, the user is informed to try again. Else, the file is copied to another folder and renamed, so the user does not know the new name of the file (for security, to prevent a hack). The old and new filename are tracked as hidden variables for later use. The user can now review the file, and either submit it, or start over:
Once the image is submitted, the user chooses the options, in this case what sport or sports to advertise during, and a duration of time to run the ad:
Now that the ad and options are set, the final step is payment via the online payment gateway:
When payment is received, the database is updated with image and schedule information. The remote devices contact the server to receive their respective images and schedules.